Merge "Add rule for updating network's router:external attribute"
This commit is contained in:
commit
7a5df446ee
@ -39,6 +39,7 @@
|
||||
"update_network:provider:network_type": "rule:admin_only",
|
||||
"update_network:provider:physical_network": "rule:admin_only",
|
||||
"update_network:provider:segmentation_id": "rule:admin_only",
|
||||
"update_network:router:external": "rule:admin_only",
|
||||
"delete_network": "rule:admin_or_owner",
|
||||
|
||||
"create_port": "",
|
||||
|
@ -29,7 +29,7 @@ EXTERNAL = 'router:external'
|
||||
EXTENDED_ATTRIBUTES_2_0 = {
|
||||
'networks': {EXTERNAL: {'allow_post': True,
|
||||
'allow_put': True,
|
||||
'default': attr.ATTR_NOT_SPECIFIED,
|
||||
'default': False,
|
||||
'is_visible': True,
|
||||
'convert_to': attr.convert_to_boolean,
|
||||
'enforce_policy': True,
|
||||
|
@ -108,6 +108,19 @@ class ExtNetDBTestCase(test_db_plugin.NeutronDbPluginV2TestCase):
|
||||
result = plugin.get_networks(ctx, filters=None)
|
||||
self.assertEqual(result, [])
|
||||
|
||||
def test_update_network_set_external_non_admin_fails(self):
|
||||
# Assert that a non-admin user cannot update the
|
||||
# router:external attribute
|
||||
with self.network(tenant_id='noadmin') as network:
|
||||
data = {'network': {'router:external': True}}
|
||||
req = self.new_update_request('networks',
|
||||
data,
|
||||
network['network']['id'])
|
||||
req.environ['neutron.context'] = context.Context('', 'noadmin')
|
||||
res = req.get_response(self.api)
|
||||
# The API layer always returns 404 on updates in place of 403
|
||||
self.assertEqual(exc.HTTPNotFound.code, res.status_int)
|
||||
|
||||
def test_network_filter_hook_admin_context(self):
|
||||
plugin = manager.NeutronManager.get_plugin()
|
||||
ctx = context.Context(None, None, is_admin=True)
|
||||
|
Loading…
Reference in New Issue
Block a user